+20010118
+ - (bal) Super Sized OpenBSD Resync
+ - markus@cvs.openbsd.org 2001/01/11 22:14:20 GMT 2001 by markus
+ [sshd.c]
+ maxfd+1
+ - markus@cvs.openbsd.org 2001/01/13 17:59:18
+ [ssh-keygen.1]
+ small ssh-keygen manpage cleanup; stevesk@pobox.com
+ - markus@cvs.openbsd.org 2001/01/13 18:03:07
+ [scp.c ssh-keygen.c sshd.c]
+ getopt() returns -1 not EOF; stevesk@pobox.com
+ - markus@cvs.openbsd.org 2001/01/13 18:06:54
+ [ssh-keyscan.c]
+ use SSH_DEFAULT_PORT; from stevesk@pobox.com
+ - markus@cvs.openbsd.org 2001/01/13 18:12:47
+ [ssh-keyscan.c]
+ free() -> xfree(); fix memory leak; from stevesk@pobox.com
+ - markus@cvs.openbsd.org 2001/01/13 18:14:13
+ [ssh-add.c]
+ typo, from stevesk@sweden.hp.com
+ - markus@cvs.openbsd.org 2001/01/13 18:32:50
+ [packet.c session.c ssh.c sshconnect.c sshd.c]
+ split out keepalive from packet_interactive (from dale@accentre.com)
+ set IPTOS_LOWDELAY TCP_NODELAY IPTOS_THROUGHPUT for ssh2, too.
+ - markus@cvs.openbsd.org 2001/01/13 18:36:45
+ [packet.c packet.h]
+ reorder, typo
+ - markus@cvs.openbsd.org 2001/01/13 18:38:00
+ [auth-options.c]
+ fix comment
+ - markus@cvs.openbsd.org 2001/01/13 18:43:31
+ [session.c]
+ Wall
+ - markus@cvs.openbsd.org 2001/01/13 19:14:08
+ [clientloop.h clientloop.c ssh.c]
+ move callback to headerfile
+ - markus@cvs.openbsd.org 2001/01/15 21:40:10
+ [ssh.c]
+ use log() instead of stderr
+ - markus@cvs.openbsd.org 2001/01/15 21:43:51
+ [dh.c]
+ use error() not stderr!
+ - markus@cvs.openbsd.org 2001/01/15 21:45:29
+ [sftp-server.c]
+ rename must fail if newpath exists, debug off by default
+ - markus@cvs.openbsd.org 2001/01/15 21:46:38
+ [sftp-server.c]
+ readable long listing for sftp-server, ok deraadt@
+ - markus@cvs.openbsd.org 2001/01/16 19:20:06
+ [key.c ssh-rsa.c]
+ make "ssh-rsa" key format for ssh2 confirm to the ietf-drafts; from
+ galb@vandyke.com. note that you have to delete older ssh2-rsa keys,
+ since they are in the wrong format, too. they must be removed from
+ .ssh/authorized_keys2 and .ssh/known_hosts2, etc.
+ (cd; grep -v ssh-rsa .ssh/authorized_keys2 > TMP && mv TMP
+ .ssh/authorized_keys2) additionally, we now check that
+ BN_num_bits(rsa->n) >= 768.
+ - markus@cvs.openbsd.org 2001/01/16 20:54:27
+ [sftp-server.c]
+ remove some statics. simpler handles; idea from nisse@lysator.liu.se
+ - deraadt@cvs.openbsd.org 2001/01/16 23:58:08
+ [bufaux.c radix.c sshconnect.h sshconnect1.c]
+ indent
+ - (bal) Added bsd-strmode.[ch] since some non-OpenBSD platforms may
+ be missing such feature.
+
+
20010117
- (djm) Only write random seed file at exit
- (djm) Make PAM support optional, enable with --with-pam
LIBSSH_OBJS=atomicio.o authfd.o authfile.o bufaux.o buffer.o canohost.o channels.o cipher.o cli.o compat.o compress.o crc32.o cygwin_util.o deattack.o dispatch.o hmac.o hostfile.o key.o kex.o log.o match.o mpaux.o nchan.o packet.o radix.o rijndael.o entropy.o readpass.o rsa.o ssh-dss.o ssh-rsa.o tildexpand.o ttymodes.o uidswap.o util.o uuencode.o xmalloc.o
-LIBOPENBSD_COMPAT_OBJS=bsd-arc4random.o bsd-base64.o bsd-bindresvport.o bsd-daemon.o bsd-getcwd.o bsd-getgrouplist.o bsd-inet_aton.o bsd-inet_ntoa.o bsd-misc.o bsd-mktemp.o bsd-realpath.o bsd-rresvport.o bsd-setenv.o bsd-sigaction.o bsd-snprintf.o bsd-strlcat.o bsd-strlcpy.o bsd-strsep.o bsd-strtok.o bsd-vis.o bsd-setproctitle.o bsd-waitpid.o fake-getaddrinfo.o fake-getnameinfo.o next-posix.o
+LIBOPENBSD_COMPAT_OBJS=bsd-arc4random.o bsd-base64.o bsd-bindresvport.o bsd-daemon.o bsd-getcwd.o bsd-getgrouplist.o bsd-inet_aton.o bsd-inet_ntoa.o bsd-misc.o bsd-mktemp.o bsd-realpath.o bsd-rresvport.o bsd-setenv.o bsd-sigaction.o bsd-snprintf.o bsd-strlcat.o bsd-strlcpy.o bsd-strmode.o bsd-strsep.o bsd-strtok.o bsd-vis.o bsd-setproctitle.o bsd-waitpid.o fake-getaddrinfo.o fake-getnameinfo.o next-posix.o
SSHOBJS= ssh.o sshconnect.o sshconnect1.o sshconnect2.o log-client.o readconf.o clientloop.o
* Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
* All rights reserved
- * RSA-based authentication. This code determines whether to admit a login
- * based on RSA authentication. This file also contains functions to check
- * validity of the host key.
- *
* As far as I am concerned, the code I have written for this software
* can be used freely for any purpose. Any derived versions of this
* software must be clearly marked as such, and if the derived work is
*/
#include "includes.h"
-RCSID("$OpenBSD: auth-options.c,v 1.7 2000/12/19 23:17:54 markus Exp $");
+RCSID("$OpenBSD: auth-options.c,v 1.8 2001/01/13 18:38:00 markus Exp $");
#include "ssh.h"
#include "packet.h"
--- /dev/null
+/*-
+ * Copyright (c) 1990 The Regents of the University of California.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * This product includes software developed by the University of
+ * California, Berkeley and its contributors.
+ * 4. Neither the name of the University nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include "includes.h"
+#ifndef HAVE_STRMODE
+
+#if defined(LIBC_SCCS) && !defined(lint)
+static char *rcsid = "$OpenBSD: strmode.c,v 1.3 1997/06/13 13:57:20 deraadt Exp $";
+#endif /* LIBC_SCCS and not lint */
+
+#include <sys/types.h>
+#include <sys/stat.h>
+#include <string.h>
+
+void
+strmode(mode, p)
+ register mode_t mode;
+ register char *p;
+{
+ /* print type */
+ switch (mode & S_IFMT) {
+ case S_IFDIR: /* directory */
+ *p++ = 'd';
+ break;
+ case S_IFCHR: /* character special */
+ *p++ = 'c';
+ break;
+ case S_IFBLK: /* block special */
+ *p++ = 'b';
+ break;
+ case S_IFREG: /* regular */
+ *p++ = '-';
+ break;
+ case S_IFLNK: /* symbolic link */
+ *p++ = 'l';
+ break;
+ case S_IFSOCK: /* socket */
+ *p++ = 's';
+ break;
+#ifdef S_IFIFO
+ case S_IFIFO: /* fifo */
+ *p++ = 'p';
+ break;
+#endif
+#ifdef S_IFWHT
+ case S_IFWHT: /* whiteout */
+ *p++ = 'w';
+ break;
+#endif
+ default: /* unknown */
+ *p++ = '?';
+ break;
+ }
+ /* usr */
+ if (mode & S_IRUSR)
+ *p++ = 'r';
+ else
+ *p++ = '-';
+ if (mode & S_IWUSR)
+ *p++ = 'w';
+ else
+ *p++ = '-';
+ switch (mode & (S_IXUSR | S_ISUID)) {
+ case 0:
+ *p++ = '-';
+ break;
+ case S_IXUSR:
+ *p++ = 'x';
+ break;
+ case S_ISUID:
+ *p++ = 'S';
+ break;
+ case S_IXUSR | S_ISUID:
+ *p++ = 's';
+ break;
+ }
+ /* group */
+ if (mode & S_IRGRP)
+ *p++ = 'r';
+ else
+ *p++ = '-';
+ if (mode & S_IWGRP)
+ *p++ = 'w';
+ else
+ *p++ = '-';
+ switch (mode & (S_IXGRP | S_ISGID)) {
+ case 0:
+ *p++ = '-';
+ break;
+ case S_IXGRP:
+ *p++ = 'x';
+ break;
+ case S_ISGID:
+ *p++ = 'S';
+ break;
+ case S_IXGRP | S_ISGID:
+ *p++ = 's';
+ break;
+ }
+ /* other */
+ if (mode & S_IROTH)
+ *p++ = 'r';
+ else
+ *p++ = '-';
+ if (mode & S_IWOTH)
+ *p++ = 'w';
+ else
+ *p++ = '-';
+ switch (mode & (S_IXOTH | S_ISVTX)) {
+ case 0:
+ *p++ = '-';
+ break;
+ case S_IXOTH:
+ *p++ = 'x';
+ break;
+ case S_ISVTX:
+ *p++ = 'T';
+ break;
+ case S_IXOTH | S_ISVTX:
+ *p++ = 't';
+ break;
+ }
+ *p++ = ' '; /* will be a '+' if ACL's implemented */
+ *p = '\0';
+}
+#endif
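Review bot: The old-style definition `strmode(mode, p) register mode_t mode;` can clash with the prototype `void strmode( register mode_t mode, register char *p);` added in bsd-strmode.h wherever mode_t is narrower than int, because a K&R definition takes the promoted argument and the prototype does not. This assumes the prototype is in scope here through includes.h. As this file is built only on non-OpenBSD platforms, an ANSI definition, `void strmode(mode_t mode, char *p)`, is the safer form. The function also writes exactly 12 bytes (ten mode characters, a space and the terminator) with no length argument, so a comment such as `/* p must point to at least 12 bytes */` above the definition would tell callers how to size the buffer.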
--- /dev/null
+#ifndef HAVE_STRMODE
+
+void strmode( register mode_t mode, register char *p);
+
+#endif
*/
#include "includes.h"
-RCSID("$OpenBSD: bufaux.c,v 1.15 2001/01/10 22:56:22 markus Exp $");
+RCSID("$OpenBSD: bufaux.c,v 1.16 2001/01/16 23:58:08 deraadt Exp $");
#include "ssh.h"
#include <openssl/bn.h>
bytes = (bits + 7) / 8;
if (buffer_len(buffer) < bytes)
fatal("buffer_get_bignum: input buffer too small");
- bin = (u_char*) buffer_ptr(buffer);
+ bin = (u_char *) buffer_ptr(buffer);
BN_bin2bn(bin, bytes, value);
buffer_consume(buffer, bytes);
*/
#include "includes.h"
-RCSID("$OpenBSD: clientloop.c,v 1.42 2000/12/19 23:17:56 markus Exp $");
+RCSID("$OpenBSD: clientloop.c,v 1.43 2001/01/13 19:14:08 markus Exp $");
#include "xmalloc.h"
#include "ssh.h"
#include <openssl/rsa.h>
#include "key.h"
#include "authfd.h"
+#include "clientloop.h"
/* import options */
extern Options options;
}
void
-client_set_session_ident(int id)
+clientloop_set_session_ident(int id)
{
- debug2("client_set_session_ident: id %d", id);
+ debug2("clientloop_set_session_ident: id %d", id);
session_ident = id;
channel_register_callback(id, SSH2_MSG_CHANNEL_REQUEST,
client_input_channel_req, (void *)0);
--- /dev/null
+/*
+ * Copyright (c) 2001 Markus Friedl. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
+ * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
+ * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+void clientloop_set_session_ident(int id);
AC_CHECK_HEADERS(bstring.h endian.h floatingpoint.h getopt.h lastlog.h limits.h login.h login_cap.h maillock.h netdb.h netgroup.h netinet/in_systm.h paths.h poll.h pty.h shadow.h security/pam_appl.h sys/bitypes.h sys/bsdtty.h sys/cdefs.h sys/poll.h sys/queue.h sys/select.h sys/stat.h sys/stropts.h sys/sysmacros.h sys/time.h sys/ttcompat.h sys/un.h stddef.h time.h ttyent.h usersec.h util.h utime.h utmp.h utmpx.h vis.h)
dnl Checks for library functions.
-AC_CHECK_FUNCS(arc4random atexit b64_ntop bcopy bindresvport_af clock fchmod freeaddrinfo futimes gai_strerror getcwd getaddrinfo getgrouplist getnameinfo getrlimit getrusage getttyent inet_aton inet_ntoa innetgr login_getcapbool md5_crypt memmove mkdtemp on_exit openpty realpath rresvport_af setdtablesize setenv seteuid setlogin setproctitle setreuid setrlimit setsid sigaction sigvec snprintf strerror strlcat strlcpy strsep strtok_r sysconf utimes vsnprintf vhangup vis waitpid _getpty __b64_ntop)
+AC_CHECK_FUNCS(arc4random atexit b64_ntop bcopy bindresvport_af clock fchmod freeaddrinfo futimes gai_strerror getcwd getaddrinfo getgrouplist getnameinfo getrlimit getrusage getttyent inet_aton inet_ntoa innetgr login_getcapbool md5_crypt memmove mkdtemp on_exit openpty realpath rresvport_af setdtablesize setenv seteuid setlogin setproctitle setreuid setrlimit setsid sigaction sigvec snprintf strerror strlcat strlcpy strmode strsep strtok_r sysconf utimes vsnprintf vhangup vis waitpid _getpty __b64_ntop)
dnl Checks for time functions
AC_CHECK_FUNCS(gettimeofday time)
dnl Checks for libutil functions
*/
#include "includes.h"
-RCSID("$OpenBSD: dh.c,v 1.3 2000/11/16 17:55:43 markus Exp $");
+RCSID("$OpenBSD: dh.c,v 1.4 2001/01/15 21:43:51 markus Exp $");
#include "xmalloc.h"
return (1);
fail:
- fprintf(stderr, "Bad prime description in line %d\n", linenum);
+ error("Bad prime description in line %d\n", linenum);
return (0);
}
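Review bot: The message passed to `error()` keeps the trailing `\n` from the old `fprintf` call, while the other `error()` calls in this commit (for example `error("setsockopt SO_KEEPALIVE: %.100s", strerror(errno));`) have none. Assuming the logging layer terminates lines itself, this should read `error("Bad prime description in line %d", linenum);`. The two `log(...)` conversions in ssh.c carry the same leftover newline. The enclosing function starts outside the hunk.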
#include "buffer.h"
#include "bufaux.h"
-RCSID("$OpenBSD: key.c,v 1.13 2000/12/19 23:17:56 markus Exp $");
+RCSID("$OpenBSD: key.c,v 1.14 2001/01/16 19:20:06 markus Exp $");
Key *
key_new(int type)
switch(type){
case KEY_RSA:
key = key_new(type);
- buffer_get_bignum2(&b, key->rsa->n);
buffer_get_bignum2(&b, key->rsa->e);
+ buffer_get_bignum2(&b, key->rsa->n);
#ifdef DEBUG_PK
RSA_print_fp(stderr, key->rsa, 8);
#endif
break;
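Review bot: A blob written in the previous n-then-e order still parses here without error, with the two values swapped, because nothing in this hunk distinguishes the two layouts. The only guard visible in this commit is the `BN_num_bits(key->rsa->n) < 768` test in ssh_rsa_verify, which rejects such a key only at verification time, presumably because the old exponent is then read as the modulus. A comment pinning the wire order, e.g. `/* ssh-rsa blob order per the IETF draft: e, then n */`, would help here and at the matching `buffer_put_bignum2` pair in key_to_blob, so that reader and writer cannot drift apart unnoticed. The enclosing function starts and ends outside the hunk.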
case KEY_RSA:
buffer_put_cstring(&b, key_ssh_name(key));
- buffer_put_bignum2(&b, key->rsa->n);
buffer_put_bignum2(&b, key->rsa->e);
+ buffer_put_bignum2(&b, key->rsa->n);
break;
default:
error("key_to_blob: illegal key type %d", key->type);
#include "bsd-misc.h"
#include "bsd-strlcpy.h"
#include "bsd-strlcat.h"
+#include "bsd-strmode.h"
#include "bsd-mktemp.h"
#include "bsd-snprintf.h"
#include "bsd-daemon.h"
*/
#include "includes.h"
-RCSID("$OpenBSD: packet.c,v 1.42 2001/01/09 21:19:50 markus Exp $");
+RCSID("$OpenBSD: packet.c,v 1.44 2001/01/13 18:36:45 markus Exp $");
#include "xmalloc.h"
#include "buffer.h"
/* Informs that the current session is interactive. Sets IP flags for that. */
void
-packet_set_interactive(int interactive, int keepalives)
+packet_set_interactive(int interactive)
{
+ static int called = 0;
+ int lowdelay = IPTOS_LOWDELAY;
+ int throughput = IPTOS_THROUGHPUT;
int on = 1;
+ if (called)
+ return;
+ called = 1;
+
/* Record that we are in interactive mode. */
interactive_mode = interactive;
/* Only set socket options if using a socket. */
if (!packet_connection_is_on_socket())
return;
- if (keepalives) {
- /* Set keepalives if requested. */
- if (setsockopt(connection_in, SOL_SOCKET, SO_KEEPALIVE, (void *) &on,
- sizeof(on)) < 0)
- error("setsockopt SO_KEEPALIVE: %.100s", strerror(errno));
- }
/*
* IPTOS_LOWDELAY and IPTOS_THROUGHPUT are IPv4 only
*/
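Review bot: Hoisting `int lowdelay = IPTOS_LOWDELAY;` and `int throughput = IPTOS_THROUGHPUT;` to the top of packet_set_interactive takes them out of the `#if defined(IP_TOS) && !defined(IP_TOS_IS_BROKEN)` guards that still wrap their only uses in the two later hunks. A platform that lacks those constants would then fail to compile, and one that defines IP_TOS_IS_BROKEN gets unused variables. Either keep the declarations inside the guarded blocks or wrap the two new lines in the same `#if`. Separately, the `static int called` latch makes the first call final for the life of the process, so a comment such as `/* socket options are set once per connection; later calls are ignored */` would explain why the later callers in session.c and ssh.c cannot change the mode. The function body continues outside this hunk.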
*/
#if defined(IP_TOS) && !defined(IP_TOS_IS_BROKEN)
if (packet_connection_is_ipv4()) {
- int lowdelay = IPTOS_LOWDELAY;
if (setsockopt(connection_in, IPPROTO_IP, IP_TOS,
(void *) &lowdelay, sizeof(lowdelay)) < 0)
error("setsockopt IPTOS_LOWDELAY: %.100s",
* IPTOS_THROUGHPUT.
*/
#if defined(IP_TOS) && !defined(IP_TOS_IS_BROKEN)
- int throughput = IPTOS_THROUGHPUT;
if (setsockopt(connection_in, IPPROTO_IP, IP_TOS, (void *) &throughput,
sizeof(throughput)) < 0)
error("setsockopt IPTOS_THROUGHPUT: %.100s", strerror(errno));
* called by a name other than "ssh" or "Secure Shell".
*/
-/* RCSID("$OpenBSD: packet.h,v 1.18 2000/12/19 23:17:57 markus Exp $"); */
+/* RCSID("$OpenBSD: packet.h,v 1.19 2001/01/13 18:32:50 markus Exp $"); */
#ifndef PACKET_H
#define PACKET_H
* Informs that the current session is interactive. Sets IP flags for
* optimal performance in interactive use.
*/
-void packet_set_interactive(int interactive, int keepalives);
+void packet_set_interactive(int interactive);
/* Returns true if the current connection is interactive. */
int packet_is_interactive(void);
#include "includes.h"
#include "uuencode.h"
-RCSID("$OpenBSD: radix.c,v 1.14 2000/12/19 23:17:57 markus Exp $");
+RCSID("$OpenBSD: radix.c,v 1.15 2001/01/16 23:58:09 deraadt Exp $");
#ifdef AFS
#include <krb.h>
/* Nasty macros from BIND-4.9.2 */
#define GETSHORT(s, cp) { \
- register my_u_char *t_cp = (my_u_char*)(cp); \
+ register my_u_char *t_cp = (my_u_char *)(cp); \
(s) = (((my_u_short)t_cp[0]) << 8) \
| (((my_u_short)t_cp[1])) \
; \
}
#define GETLONG(l, cp) { \
- register my_u_char *t_cp = (my_u_char*)(cp); \
+ register my_u_char *t_cp = (my_u_char *)(cp); \
(l) = (((my_u_int32_t)t_cp[0]) << 24) \
| (((my_u_int32_t)t_cp[1]) << 16) \
| (((my_u_int32_t)t_cp[2]) << 8) \
#define PUTSHORT(s, cp) { \
register my_u_short t_s = (my_u_short)(s); \
- register my_u_char *t_cp = (my_u_char*)(cp); \
+ register my_u_char *t_cp = (my_u_char *)(cp); \
*t_cp++ = t_s >> 8; \
*t_cp = t_s; \
(cp) += 2; \
#define PUTLONG(l, cp) { \
register my_u_int32_t t_l = (my_u_int32_t)(l); \
- register my_u_char *t_cp = (my_u_char*)(cp); \
+ register my_u_char *t_cp = (my_u_char *)(cp); \
*t_cp++ = t_l >> 24; \
*t_cp++ = t_l >> 16; \
*t_cp++ = t_l >> 8; \
}
#define GETSTRING(s, p, p_l) { \
- register char* p_targ = (p) + p_l; \
- register char* s_c = (s); \
- register char* p_c = (p); \
+ register char *p_targ = (p) + p_l; \
+ register char *s_c = (s); \
+ register char *p_c = (p); \
while (*p_c && (p_c < p_targ)) { \
*s_c++ = *p_c++; \
} \
*/
#include "includes.h"
-RCSID("$OpenBSD: scp.c,v 1.48 2001/01/01 14:52:49 markus Exp $");
+RCSID("$OpenBSD: scp.c,v 1.49 2001/01/13 18:03:07 markus Exp $");
#include "ssh.h"
#include "xmalloc.h"
addargs("-oFallBackToRsh no");
fflag = tflag = 0;
- while ((ch = getopt(argc, argv, "dfprtvBCc:i:P:q46S:o:")) != EOF)
+ while ((ch = getopt(argc, argv, "dfprtvBCc:i:P:q46S:o:")) != -1)
switch (ch) {
/* User-visible flags. */
case '4':
*/
#include "includes.h"
-RCSID("$OpenBSD: session.c,v 1.46 2001/01/04 22:41:03 markus Exp $");
+RCSID("$OpenBSD: session.c,v 1.48 2001/01/13 18:43:31 markus Exp $");
#include "xmalloc.h"
#include "ssh.h"
case SSH_CMSG_EXEC_SHELL:
case SSH_CMSG_EXEC_CMD:
- /* Set interactive/non-interactive mode. */
- packet_set_interactive(have_pty || s->display != NULL,
- options.keepalives);
-
if (type == SSH_CMSG_EXEC_CMD) {
command = packet_get_string(&dlen);
debug("Exec command '%.500s'", command);
if (pid < 0)
packet_disconnect("fork failed: %.100s", strerror(errno));
s->pid = pid;
+ /* Set interactive/non-interactive mode. */
+ packet_set_interactive(s->display != NULL);
#ifdef USE_PIPES
/* We are the parent. Close the child sides of the pipes. */
close(pin[0]);
s->ptymaster = ptymaster;
/* Enter interactive session. */
+ packet_set_interactive(1);
if (compat20) {
session_set_fds(s, ptyfd, fdout, -1);
} else {
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
#include "includes.h"
-RCSID("$OpenBSD: sftp-server.c,v 1.10 2001/01/10 22:56:22 markus Exp $");
+RCSID("$OpenBSD: sftp-server.c,v 1.13 2001/01/16 20:54:27 markus Exp $");
#include "ssh.h"
#include "buffer.h"
}
}
-Attrib *
-stat_to_attrib(struct stat *st)
+void
+stat_to_attrib(struct stat *st, Attrib *a)
{
- static Attrib a;
- attrib_clear(&a);
- a.flags = 0;
- a.flags |= SSH2_FILEXFER_ATTR_SIZE;
- a.size = st->st_size;
- a.flags |= SSH2_FILEXFER_ATTR_UIDGID;
- a.uid = st->st_uid;
- a.gid = st->st_gid;
- a.flags |= SSH2_FILEXFER_ATTR_PERMISSIONS;
- a.perm = st->st_mode;
- a.flags |= SSH2_FILEXFER_ATTR_ACMODTIME;
- a.atime = st->st_atime;
- a.mtime = st->st_mtime;
- return &a;
+ attrib_clear(a);
+ a->flags = 0;
+ a->flags |= SSH2_FILEXFER_ATTR_SIZE;
+ a->size = st->st_size;
+ a->flags |= SSH2_FILEXFER_ATTR_UIDGID;
+ a->uid = st->st_uid;
+ a->gid = st->st_gid;
+ a->flags |= SSH2_FILEXFER_ATTR_PERMISSIONS;
+ a->perm = st->st_mode;
+ a->flags |= SSH2_FILEXFER_ATTR_ACMODTIME;
+ a->atime = st->st_atime;
+ a->mtime = st->st_mtime;
}
Attrib *
int
handle_to_string(int handle, char **stringp, int *hlenp)
{
- char buf[1024];
if (stringp == NULL || hlenp == NULL)
return -1;
- snprintf(buf, sizeof buf, "%d", handle);
- *stringp = xstrdup(buf);
- *hlenp = strlen(*stringp);
+ *stringp = xmalloc(sizeof(int32_t));
+ PUT_32BIT(*stringp, handle);
+ *hlenp = sizeof(int32_t);
return 0;
}
int
handle_from_string(char *handle, u_int hlen)
{
-/* XXX OVERFLOW ? */
- char *ep;
- long lval = strtol(handle, &ep, 10);
- int val = lval;
- if (*ep != '\0')
+ int val;
+ if (hlen != sizeof(int32_t))
return -1;
+ val = GET_32BIT(handle);
if (handle_is_ok(val, HANDLE_FILE) ||
handle_is_ok(val, HANDLE_DIR))
return val;
void
process_do_stat(int do_lstat)
{
- Attrib *a;
+ Attrib a;
struct stat st;
u_int32_t id;
char *name;
if (ret < 0) {
status = errno_to_portable(errno);
} else {
- a = stat_to_attrib(&st);
- send_attrib(id, a);
+ stat_to_attrib(&st, &a);
+ send_attrib(id, &a);
status = SSH2_FX_OK;
}
if (status != SSH2_FX_OK)
void
process_fstat(void)
{
- Attrib *a;
+ Attrib a;
struct stat st;
u_int32_t id;
int fd, ret, handle, status = SSH2_FX_FAILURE;
if (ret < 0) {
status = errno_to_portable(errno);
} else {
- a = stat_to_attrib(&st);
- send_attrib(id, a);
+ stat_to_attrib(&st, &a);
+ send_attrib(id, &a);
status = SSH2_FX_OK;
}
}
}
/*
- * XXX, draft-ietf-secsh-filexfer-00.txt says:
- * The recommended format for the longname field is as follows:
- * -rwxr-xr-x 1 mjos staff 348911 Mar 25 14:29 t-filexfer
- * 1234567890 123 12345678 12345678 12345678 123456789012
+ * drwxr-xr-x 5 markus markus 1024 Jan 13 18:39 .ssh
*/
char *
ls_file(char *name, struct stat *st)
{
- char buf[1024];
- snprintf(buf, sizeof buf, "0%o %d %d %lld %d %s",
- st->st_mode, st->st_uid, st->st_gid, (long long)st->st_size,
- (int)st->st_mtime, name);
+ int sz = 0;
+ struct passwd *pw;
+ struct group *gr;
+ struct tm *ltime = localtime(&st->st_mtime);
+ char *user, *group;
+ char buf[1024], mode[11+1], tbuf[12+1], ubuf[11+1], gbuf[11+1];
+
+ strmode(st->st_mode, mode);
+ if ((pw = getpwuid(st->st_uid)) != NULL) {
+ user = pw->pw_name;
+ } else {
+ snprintf(ubuf, sizeof ubuf, "%d", st->st_uid);
+ user = ubuf;
+ }
+ if ((gr = getgrgid(st->st_gid)) != NULL) {
+ group = gr->gr_name;
+ } else {
+ snprintf(gbuf, sizeof gbuf, "%d", st->st_gid);
+ group = gbuf;
+ }
+ if (ltime != NULL) {
+ if (time(NULL) - st->st_mtime < (365*24*60*60)/2)
+ sz = strftime(tbuf, sizeof tbuf, "%b %e %H:%M", ltime);
+ else
+ sz = strftime(tbuf, sizeof tbuf, "%b %e %Y", ltime);
+ }
+ if (sz == 0)
+ tbuf[0] = '\0';
+ snprintf(buf, sizeof buf, "%s %3d %-8.8s %-8.8s %8qd %s %s", mode,
+ st->st_nlink, user, group, (long long)st->st_size, tbuf, name);
return xstrdup(buf);
}
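Review bot: Several conversions in the new ls_file do not match their argument types. `%d` receives `st->st_uid` and `st->st_gid` (uid_t/gid_t, commonly unsigned), `%3d` receives `st->st_nlink` uncast, and `%8qd` is a BSD-only length modifier paired with a `long long` argument. On the non-BSD platforms this port targets, that risks wrong output for large ids or an unrecognised conversion. Explicit casts would make it portable: `snprintf(ubuf, sizeof ubuf, "%u", (u_int)st->st_uid);` (likewise for gid), `(int)st->st_nlink` for `%3d`, and `%8lld` for the size, matching the `%lld` that the removed code used.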
if (dirp == NULL || path == NULL) {
send_status(id, SSH2_FX_FAILURE);
} else {
- Attrib *a;
struct stat st;
char pathname[1024];
Stat *stats;
"%s/%s", path, dp->d_name);
if (lstat(pathname, &st) < 0)
continue;
- a = stat_to_attrib(&st);
- stats[count].attrib = *a;
+ stat_to_attrib(&st, &(stats[count].attrib));
stats[count].name = xstrdup(dp->d_name);
stats[count].long_name = ls_file(dp->d_name, &st);
count++;
/* send up to 100 entries in one message */
+ /* XXX check packet size instead */
if (count == 100)
break;
}
process_rename(void)
{
u_int32_t id;
+ struct stat st;
char *oldpath, *newpath;
- int ret, status;
+ int ret, status = SSH2_FX_FAILURE;
id = get_int();
oldpath = get_string(NULL);
newpath = get_string(NULL);
TRACE("rename id %d old %s new %s", id, oldpath, newpath);
- ret = rename(oldpath, newpath);
- status = (ret == -1) ? errno_to_portable(errno) : SSH2_FX_OK;
+ /* fail if 'newpath' exists */
+ if (stat(newpath, &st) == -1) {
+ ret = rename(oldpath, newpath);
+ status = (ret == -1) ? errno_to_portable(errno) : SSH2_FX_OK;
+ }
send_status(id, status);
xfree(oldpath);
xfree(newpath);
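Review bot: The `stat(newpath, &st) == -1` test followed by `rename()` is a check-then-act sequence, so a file created at newpath between the two calls is still replaced. The "must fail if newpath exists" guarantee is therefore best-effort, which deserves a comment next to the check. Two details of the test can be tightened in one line, `if (lstat(newpath, &st) == -1 && errno == ENOENT) {`. `stat()` follows symlinks, so a dangling symlink at newpath is treated as absent and overwritten. Any stat failure, not only "no such file", currently falls through to the rename. The function's opening line and its end are outside the hunk.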
__progname = get_progname(av[0]);
handle_init();
+#ifdef DEBUG_SFTP_SERVER
log_init("sftp-server", SYSLOG_LEVEL_DEBUG1, SYSLOG_FACILITY_AUTH, 0);
+#endif
in = dup(STDIN_FILENO);
out = dup(STDOUT_FILENO);
*/
#include "includes.h"
-RCSID("$OpenBSD: ssh-add.c,v 1.23 2000/11/12 19:50:38 markus Exp $");
+RCSID("$OpenBSD: ssh-add.c,v 1.24 2001/01/13 18:14:13 markus Exp $");
#include <openssl/evp.h>
#include <openssl/rsa.h>
if (success)
fprintf(stderr, "All identities removed.\n");
else
- fprintf(stderr, "Failed to remove all identitities.\n");
+ fprintf(stderr, "Failed to remove all identities.\n");
}
char *
defaults to generating an RSA key for use by protocols 1.3 and 1.5;
specifying the
.Fl t
-allows you to create a key for use by protocol 2.0.
+option allows you to create a key for use by protocol 2.0.
.Pp
Normally each user wishing to use SSH
with RSA or DSA authentication runs this once to create the authentication
appended.
The program also asks for a passphrase.
The passphrase may be empty to indicate no passphrase
-(host keys must have empty passphrase), or it may be a string of
+(host keys must have an empty passphrase), or it may be a string of
arbitrary length.
Good passphrases are 10-30 characters long and are
not simple sentences or otherwise easily guessable (English
*/
#include "includes.h"
-RCSID("$OpenBSD: ssh-keygen.c,v 1.38 2000/12/28 18:58:39 markus Exp $");
+RCSID("$OpenBSD: ssh-keygen.c,v 1.39 2001/01/13 18:03:07 markus Exp $");
#include <openssl/evp.h>
#include <openssl/pem.h>
exit(1);
}
- while ((opt = getopt(ac, av, "dqpclRxXyb:f:t:P:N:C:")) != EOF) {
+ while ((opt = getopt(ac, av, "dqpclRxXyb:f:t:P:N:C:")) != -1) {
switch (opt) {
case 'b':
bits = atoi(optarg);
*/
#include "includes.h"
-RCSID("$OpenBSD: ssh-keyscan.c,v 1.7 2001/01/08 22:03:23 markus Exp $");
+RCSID("$OpenBSD: ssh-keyscan.c,v 1.9 2001/01/13 18:12:47 markus Exp $");
#if defined(HAVE_SYS_QUEUE_H) && !defined(HAVE_BOGUS_SYS_QUEUE_H)
#include <sys/queue.h>
int family = AF_UNSPEC; /* IPv4, IPv6 or both */
-#define PORT 22
#define MAXMAXFD 256
/* The number of seconds after which to give up on a TCP connection */
if (filename) {
lb->filename = filename;
if (!(lb->stream = fopen(filename, "r"))) {
- free(lb);
+ xfree(lb);
if (errfun)
(*errfun) ("%s: %s\n", filename, strerror(errno));
return (NULL);
if (!(lb->buf = malloc(lb->size = LINEBUF_SIZE))) {
if (errfun)
(*errfun) ("linebuf (%s): malloc failed\n", lb->filename);
- free(lb);
+ xfree(lb);
return (NULL);
}
lb->errfun = errfun;
Linebuf_free(Linebuf * lb)
{
fclose(lb->stream);
- free(lb->buf);
- free(lb);
+ xfree(lb->buf);
+ xfree(lb);
}
static inline void
char strport[NI_MAXSERV];
int gaierr, s = -1;
- snprintf(strport, sizeof strport, "%d", PORT);
+ snprintf(strport, sizeof strport, "%d", SSH_DEFAULT_PORT);
memset(&hints, 0, sizeof(hints));
hints.ai_family = family;
hints.ai_socktype = SOCK_STREAM;
do {
name = xstrsep(&namelist, ",");
if (!name) {
- free(namebase);
+ xfree(namebase);
return (-1);
}
} while ((s = tcpconnect(name)) < 0);
close(s);
if (s >= maxfd || fdcon[s].c_status == CS_UNUSED)
fatal("confree: attempt to free bad fdno %d", s);
- free(fdcon[s].c_namebase);
- free(fdcon[s].c_output_name);
+ xfree(fdcon[s].c_namebase);
+ xfree(fdcon[s].c_output_name);
if (fdcon[s].c_status == CS_KEYS)
- free(fdcon[s].c_data);
+ xfree(fdcon[s].c_data);
fdcon[s].c_status = CS_UNUSED;
TAILQ_REMOVE(&tq, &fdcon[s], c_link);
FD_CLR(s, &read_wait);
char *iname, *oname;
iname = xstrdup(c->c_namelist);
- oname = c->c_output_name;
- c->c_output_name = NULL;/* prevent it from being freed */
+ oname = xstrdup(c->c_output_name);
confree(s);
ret = conalloc(iname, oname);
- free(iname);
+ xfree(iname);
+ xfree(oname);
return (ret);
}
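Review bot: The new `xfree(oname);` after `conalloc(iname, oname)` is safe only if conalloc stores its own copy of the string. conalloc is not visible in this diff, and the removed line `c->c_output_name = NULL;/* prevent it from being freed */` shows the pointer's ownership was being managed by hand before. If conalloc keeps the pointer it is given, the `xfree(fdcon[s].c_output_name);` in confree would later free the same memory again. Worth confirming and recording with a comment such as `/* conalloc() copies both names */` above the two xfree calls. Also, if xfree() treats a NULL argument as fatal, as OpenSSH's xmalloc wrappers have done, the conversions in confree now assume c_namebase and c_output_name are never NULL, where `free(NULL)` was a no-op.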
*/
#include "includes.h"
-RCSID("$OpenBSD: ssh-rsa.c,v 1.3 2001/01/06 11:23:27 markus Exp $");
+RCSID("$OpenBSD: ssh-rsa.c,v 1.4 2001/01/16 19:20:06 markus Exp $");
#include "ssh.h"
#include "xmalloc.h"
error("ssh_rsa_verify: no RSA key");
return -1;
}
+ if (BN_num_bits(key->rsa->n) < 768) {
+ error("ssh_rsa_verify: n too small: %d bits",
+ BN_num_bits(key->rsa->n));
+ return -1;
+ }
buffer_init(&b);
buffer_append(&b, (char *) signature, signaturelen);
ktype = buffer_get_string(&b, NULL);
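Review bot: The minimum modulus size is a bare `768` inside ssh_rsa_verify, and nothing visible in this commit applies the same floor where keys are loaded or where signatures are produced. A named constant in a shared header, for example `#define SSH_RSA_MINIMUM_MODULUS_SIZE 768`, would keep the limit in one place and make it easy to raise later. `BN_num_bits(key->rsa->n)` is also evaluated twice; a local `int bits` would avoid that. The function starts and continues outside the hunk.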
*/
#include "includes.h"
-RCSID("$OpenBSD: ssh.c,v 1.79 2000/12/27 11:51:54 markus Exp $");
+RCSID("$OpenBSD: ssh.c,v 1.82 2001/01/15 21:40:10 markus Exp $");
#include <openssl/evp.h>
#include <openssl/dsa.h>
#include "key.h"
#include "authfd.h"
#include "authfile.h"
+#include "clientloop.h"
#ifdef HAVE___PROGNAME
extern char *__progname;
/* Do not allocate a tty if stdin is not a tty. */
if (!isatty(fileno(stdin)) && !force_tty_flag) {
if (tty_flag)
- fprintf(stderr, "Pseudo-terminal will not be allocated because stdin is not a terminal.\n");
+ log("Pseudo-terminal will not be allocated because stdin is not a terminal.\n");
tty_flag = 0;
}
/* Get user data. */
pw = getpwuid(original_real_uid);
if (!pw) {
- fprintf(stderr, "You don't exist, go away!\n");
+ log("You don't exist, go away!\n");
exit(1);
}
/* Take a copy of the returned structure. */
}
}
/* Tell the packet module whether this is an interactive session. */
- packet_set_interactive(interactive, options.keepalives);
-
+ packet_set_interactive(interactive);
/* Request authentication agent forwarding if appropriate. */
check_agent_present();
return client_loop(have_tty, tty_flag ? options.escape_char : -1, 0);
}
-extern void client_set_session_ident(int id);
-
void
ssh_session2_callback(int id, void *arg)
{
int len;
+ int interactive = 0;
+
debug("client_init id %d arg %d", id, (int)arg);
if (no_shell_flag)
packet_put_int(ws.ws_ypixel);
packet_put_cstring(""); /* XXX: encode terminal modes */
packet_send();
+ interactive = 1;
/* XXX wait for reply */
}
if (options.forward_x11 &&
/* Request forwarding with authentication spoofing. */
debug("Requesting X11 forwarding with authentication spoofing.");
x11_request_forwarding_with_spoofing(id, proto, data);
+ interactive = 1;
/* XXX wait for reply */
}
/* channel_callback(id, SSH2_MSG_OPEN_CONFIGMATION, client_init, 0); */
done:
/* register different callback, etc. XXX */
- client_set_session_ident(id);
+ packet_set_interactive(interactive);
+ clientloop_set_session_ident(id);
}
int
*/
#include "includes.h"
-RCSID("$OpenBSD: sshconnect.c,v 1.89 2001/01/04 22:41:03 markus Exp $");
+RCSID("$OpenBSD: sshconnect.c,v 1.90 2001/01/13 18:32:50 markus Exp $");
#include <openssl/bn.h>
#include <openssl/dsa.h>
int anonymous, uid_t original_real_uid,
const char *proxy_command)
{
+ int gaierr;
+ int on = 1;
int sock = -1, attempt;
- struct servent *sp;
- struct addrinfo hints, *ai, *aitop;
char ntop[NI_MAXHOST], strport[NI_MAXSERV];
- int gaierr;
+ struct addrinfo hints, *ai, *aitop;
struct linger linger;
+ struct servent *sp;
debug("ssh_connect: getuid %u geteuid %u anon %d",
(u_int) getuid(), (u_int) geteuid(), anonymous);
/* setsockopt(sock, SOL_SOCKET, SO_REUSEADDR, (void *)&on, sizeof(on)); */
linger.l_onoff = 1;
linger.l_linger = 5;
- setsockopt(sock, SOL_SOCKET, SO_LINGER, (void *) &linger, sizeof(linger));
+ setsockopt(sock, SOL_SOCKET, SO_LINGER, (void *)&linger, sizeof(linger));
+
+ /* Set keepalives if requested. */
+ if (options.keepalives &&
+ setsockopt(sock, SOL_SOCKET, SO_KEEPALIVE, (void *)&on,
+ sizeof(on)) < 0)
+ error("setsockopt SO_KEEPALIVE: %.100s", strerror(errno));
/* Set the connection. */
packet_set_connection(sock, sock);
void ssh_kex(char *host, struct sockaddr *hostaddr);
void
-ssh_userauth(const char* local_user, const char* server_user, char *host,
+ssh_userauth(const char * local_user, const char * server_user, char *host,
int host_key_valid, RSA *own_host_key);
void ssh_kex2(char *host, struct sockaddr *hostaddr);
*/
#include "includes.h"
-RCSID("$OpenBSD: sshconnect1.c,v 1.14 2001/01/08 21:55:41 markus Exp $");
+RCSID("$OpenBSD: sshconnect1.c,v 1.15 2001/01/16 23:58:09 deraadt Exp $");
#include <openssl/bn.h>
#include <openssl/dsa.h>
creds.pinst[0] = '\0';
/* Encode token, ship it off. */
- if (creds_to_radix(&creds, (u_char*) buffer, sizeof buffer) <= 0)
+ if (creds_to_radix(&creds, (u_char *) buffer, sizeof buffer) <= 0)
break;
packet_start(SSH_CMSG_HAVE_AFS_TOKEN);
packet_put_string(buffer, strlen(buffer));
*/
void
ssh_userauth(
- const char* local_user,
- const char* server_user,
+ const char *local_user,
+ const char *server_user,
char *host,
int host_key_valid, RSA *own_host_key)
{
*/
#include "includes.h"
-RCSID("$OpenBSD: sshd.c,v 1.147 2001/01/10 19:43:20 deraadt Exp $");
+RCSID("$OpenBSD: sshd.c,v 1.150 2001/01/13 18:32:51 markus Exp $");
#include "xmalloc.h"
#include "rsa.h"
initialize_server_options(&options);
/* Parse command-line arguments. */
- while ((opt = getopt(ac, av, "f:p:b:k:h:g:V:u:dDiqQ46")) != EOF) {
+ while ((opt = getopt(ac, av, "f:p:b:k:h:g:V:u:dDiqQ46")) != -1) {
switch (opt) {
case '4':
IPv4or6 = AF_INET;
sighup_restart();
if (fdset != NULL)
xfree(fdset);
- fdsetsz = howmany(maxfd, NFDBITS) * sizeof(fd_mask);
+ fdsetsz = howmany(maxfd+1, NFDBITS) * sizeof(fd_mask);
fdset = (fd_set *)xmalloc(fdsetsz);
memset(fdset, 0, fdsetsz);
FD_SET(startup_pipes[i], fdset);
/* Wait in select until there is a connection. */
- if (select(maxfd + 1, fdset, NULL, NULL, NULL) < 0) {
+ if (select(maxfd+1, fdset, NULL, NULL, NULL) < 0) {
if (errno != EINTR)
error("select: %.100s", strerror(errno));
continue;
linger.l_linger = 5;
setsockopt(sock_in, SOL_SOCKET, SO_LINGER, (void *) &linger, sizeof(linger));
+ /* Set keepalives if requested. */
+ if (options.keepalives &&
+ setsockopt(sock_in, SOL_SOCKET, SO_KEEPALIVE, (void *)&on,
+ sizeof(on)) < 0)
+ error("setsockopt SO_KEEPALIVE: %.100s", strerror(errno));
+
/*
* Register our connection. This turns encryption off because we do
* not have a key.